<%@ page import="java.sql.ResultSet" %>
<%@ page import="java.util.regex.Pattern" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ include file="/common/config.jsp" %>
<html>
<head>
    <title>查看详情</title>
</head>
<body>

<%
    request.setCharacterEncoding("UTF-8");
    String msg = "";
    String id = request.getParameter("id");
    if (id == "" || "".equals(id)) {
        out.print("不是正确的学生学号，页面将在5秒内跳转到学生列表页面。");
        out.print("<a href=\"query.jsp\">立即跳转</a>");
        response.setHeader("refresh", "5;URL=query.jsp");
    }
    String name = request.getParameter("name");
    String password = request.getParameter("password");
    String password2 = request.getParameter("password2");
    String phone = request.getParameter("phone");
    String clazz = request.getParameter("clazz");
    String homePath = request.getParameter("homePath");
    String sql = "";
    String sno = "";
    PreparedStatement pstmt=null;
    String action = request.getParameter("action");
    if ("update".equals(action)) {
        sql = "UPDATE t_user set NAME=?,PHONE=?,PASSWORD=?,CLAZZ=?,HOME_PATH=? WHERE id=?";
        pstmt=conn.prepareStatement(sql);
        pstmt.setString(1,name);
        pstmt.setString(2,phone);
        pstmt.setString(3,password);
        pstmt.setString(4,clazz);
        pstmt.setString(5,homePath);
        pstmt.setString(6,id);

    } else if ("delete".equals(action)) {
        id = id.substring(0, id.lastIndexOf(","));
        sql = "delete from t_user where ID in (?)";
        pstmt=conn.prepareStatement(sql);
        pstmt.setString(1,id);
    } else if ("view".equals(action)) {
        conn.close();
        msg = "查看页面不允许对数据进行操作";
        request.setAttribute("msg", msg);
        request.getRequestDispatcher("edit.jsp").forward(request, response);
    } else {
        sql = "SELECT MAX(id)+1 as sno from t_user";
        pstmt=conn.prepareStatement(sql);
        ResultSet rs = pstmt.executeQuery();
        if (rs.next()) {
            sno = rs.getString("sno");
        }
        if (!id.equals(sno)) {
            conn.close();
            msg = "学号在前端遭到非法篡改，请检查！";
            request.setAttribute("msg", msg);
            request.getRequestDispatcher("edit.jsp").forward(request, response);
        } else {
            sql = "INSERT INTO `t_user`(`ID`, `NAME`, `USERNAME`, `PASSWORD`, `HOME_PATH`, `PHONE`, `CLAZZ`) VALUES (?,?,?,?,?,?,?);";
            pstmt=conn.prepareStatement(sql);
            pstmt.setString(1,id);
            pstmt.setString(2,name);
            pstmt.setString(3,id);
            pstmt.setString(4,password);
            pstmt.setString(5,homePath);
            pstmt.setString(6,phone);
            pstmt.setString(7,clazz);
        }
    }


    if (!"delete".equals(action)) {
        String patten = "^[\u4e00-\u9fa5]{2,4}$";
        if (!Pattern.matches(patten, name)) {
            conn.close();
            msg = "姓名必须是2-4位的汉字";
            request.setAttribute("msg", msg);
            request.getRequestDispatcher("edit.jsp").forward(request, response);
        }

        patten = "^(13[0-9]|14[5|7]|15[0-9]|18[0|1|2|3|5|6|7|8|9]|177|166)\\d{8}$";
        if (!Pattern.matches(patten, phone)) {
            conn.close();
            msg = "手机号码必须是11位合法中国大陆手机号";
            request.setAttribute("msg", msg);
            request.getRequestDispatcher("edit.jsp").forward(request, response);
        }

        patten = "^[0-9A-Za-z]{6,12}$";
        if (!Pattern.matches(patten, password)) {
            conn.close();
            msg = "密码只能是由3-12位数字，大写字母，小写字母组成的字符串";
            request.setAttribute("msg", msg);
            request.getRequestDispatcher("edit.jsp").forward(request, response);
        }
        if (!password.equals(password2)) {
            conn.close();
            msg = "两次密码输入不一致，可能在前端代码遭到篡改，请查看";
            request.setAttribute("msg", msg);
            request.getRequestDispatcher("edit.jsp").forward(request, response);
        }

        //只能是特定几个班级才能添加进来（数据库中存在的班级，才能够添加）
        if (!"其他".equals(clazz)) {
            String sqlClazz = "SELECT DISTINCT clazz from t_user";
            ResultSet rsClazz = stmt.executeQuery(sqlClazz);
            boolean clazzFlag = false;
            while (rsClazz.next()) {
                if (clazz.equals(rsClazz.getString("clazz"))) {
                    clazzFlag = true;
                    break;
                }
            }
            if (!clazzFlag) {
                conn.close();
                msg = "非法的班级信息，请检查";
                request.setAttribute("msg", msg);
                request.getRequestDispatcher("edit.jsp").forward(request, response);
            }
        }

        patten = "<(\\S*?)[^>]*>.*?|<.*? />";
        if (Pattern.matches(patten, homePath)) {
            conn.close();
            msg = "前端正在进行脚本注入攻击，请检查";
            request.setAttribute("msg", msg);
            request.getRequestDispatcher("edit.jsp").forward(request, response);
        }
    }

    try {
        pstmt.execute();
        out.print("<center>");
        out.print("操作成功，3秒钟之后跳转到列表页面！");
        out.print("</center>");
        response.setHeader("refresh", "3;URL=query.jsp");

    } catch (Exception e) {
        out.print("出错了：" + e.getMessage() + "<br>");
        out.print("<a href='edit.jsp'>返回添加</a>");
    }
    conn.close();

%>


</body>


</html>
